Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2004:012: XFree86 Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the XFree86 package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:012 (XFree86).

Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing
of the font.alias file. The X server, which runs as root, fails to check the
length of user-provided input
as a result a malicious user could craft a
malformed font.alias file causing a buffer overflow upon parsing, which could
eventually lead to the execution of arbitrary code.
Additional vulnerabilities were found by David Dawes, also in the reading of
font files.
The updated packages have a patch from David Dawes to correct these

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.